package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"io/ioutil"

	"gitee.com/gogm/gmsm/sm2"
)

func PrintCert(data string) {
	fmt.Println("-----BEGIN CERTIFICATE-----")
	nums := len(data) / 64
	mod := len(data) % 64
	i := 0
	for i = 0; i < nums-1; i++ {
		fmt.Println(data[i*64 : (i+1)*64])
	}
	if mod > 0 {
		fmt.Println(data[(i+1)*64:])
	}
	fmt.Println("-----END CERTIFICATE-----")

}

func DecodeCerts() {
	certsca := "3082025a30820200a003020102020900b9d9428e2328538b300a06082a811ccf55018375308182310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c534f5242206f6620544153533116301406035504030c0d546573742043412028534d3229301e170d3230313031393033353432395a170d3234313132373033353432395a308182310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c534f5242206f6620544153533116301406035504030c0d546573742043412028534d32293059301306072a8648ce3d020106082a811ccf5501822d0342000440d5e49fc7290a2d8548e6656bcb594400e11752418928dd83c1228702cd72b7d98ec33c80e906e34c62067b0721c65e69345f236428381e2e05b6436b51dcbca35d305b301d0603551d0e04160414f3b805e873567f85a25f9432d897780aa21fa785301f0603551d23041830168014f3b805e873567f85a25f9432d897780aa21fa785300c0603551d13040530030101ff300b0603551d0f040403020106300a06082a811ccf550183750348003045022100a7363ddf23f8675acd313dc2de91f76cc4cafabc35bbaa69a018c2b15fcf5a7502200c020dae8ff166d6432e04f0d1c19a7ee381fe24c67deb743f61a59959e62263"
	certsss := "3082021c308201c1a003020102020900d21766be4a85d0a4300a06082a811ccf55018375308182310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c534f5242206f6620544153533116301406035504030c0d546573742043412028534d3229301e170d3230313031393033353432395a170d3234313132373033353432395a308186310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c42535243206f662054415353311a301806035504030c11736572766572207369676e2028534d32293059301306072a8648ce3d020106082a811ccf5501822d03420004e28cbdcfc800c2c9f9b7dc6aa9f22b60f3a8d4641c9bb35d3ee4ad16173c07bce3c1d1cfa70d99f4993429a2f91f737b39f0be24dfa295fc7c73f8f5bf301cfda31a301830090603551d1304023000300b0603551d0f0404030206c0300a06082a811ccf550183750349003046022100f80f203154fe747dff0c5cf5a7cb0fcc8513f1398253a40cc9c52ee99005a907022100e0e729411d04a008584e8ae47109145dd7f14efc2e1822c9aef0d833905ce06b"
	certscs := "3082021a308201c1a003020102020900d21766be4a85d0a6300a06082a811ccf55018375308182310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c534f5242206f6620544153533116301406035504030c0d546573742043412028534d3229301e170d3230313031393033353432395a170d3234313132373033353432395a308186310b300906035504061302434e310b300906035504080c02424a3110300e06035504070c074861694469616e31253023060355040a0c1c4265696a696e67204a4e544120546563686e6f6c6f6779204c54442e31153013060355040b0c0c42535243206f662054415353311a301806035504030c11636c69656e74207369676e2028534d32293059301306072a8648ce3d020106082a811ccf5501822d03420004b89679467caa2f58f6214f28251331ac7cfdb360a484fdc5f6e236c6a913ccb244521a461f3cb1a20be1fcbfa9d27a072ed37c19e2980f25512884138ba96c0da31a301830090603551d1304023000300b0603551d0f0404030206c0300a06082a811ccf55018375034700304402205d1240f723de89c4ed72c9bcd17c2b5ddc505b1ab4c301afae240c7ccf96231202204e0b17f2a36236ef890e8d9f25b2a0b9e549de733dbd4ea926ac1ca35f2544b1"

	cd1, _ := hex.DecodeString(certsca)
	cd2, _ := hex.DecodeString(certsss)
	cd3, _ := hex.DecodeString(certscs)

	certca, err := sm2.ParseCertificate(cd1)
	if err != nil {
		fmt.Println("err->", err)
		return
	}

	fmt.Println("\n\nCertca-->", certca.SerialNumber)
	PrintCert(base64.StdEncoding.EncodeToString(cd1))
	certss, err := sm2.ParseCertificate(cd2)
	if err != nil {
		fmt.Println("err->", err)
		return
	}
	fmt.Println("\n\nCertss-->", certss.SerialNumber)
	PrintCert(base64.StdEncoding.EncodeToString(cd2))
	certcs, err := sm2.ParseCertificate(cd3)
	if err != nil {
		fmt.Println("err->", err)
		return
	}
	fmt.Println("\n\nCertcs-->", certcs.SerialNumber)
	PrintCert(base64.StdEncoding.EncodeToString(cd3))

	certBytes, err := ioutil.ReadFile("./sm2Certs/CA.cert.pem")
	if err != nil {
		panic("Unable to read cert.pem")
	}

	clientCertPool := sm2.NewCertPool()
	ok := clientCertPool.AppendCertsFromPEM(certBytes)
	if !ok {
		panic("failed to parse root certificate")
	}

	opts := sm2.VerifyOptions{
		Roots: clientCertPool,
		// CurrentTime:   c.config.time(),
		Intermediates: sm2.NewCertPool(),
		KeyUsages:     []sm2.ExtKeyUsage{sm2.ExtKeyUsageClientAuth},
	}

	// for _, cert := range certs[1:] {
	// opts.Intermediates.AddCert(certss)
	opts.Intermediates.AddCert(certcs)
	// }

	_, err = certss.Verify(opts)
	if err != nil {
		panic("tls: failed to verify client's certificate: " + err.Error())
	}

	fmt.Println("aaaaaa")
}

func main() {
	DecodeCerts()
}
